Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Filtered by product Joomla
Total 215 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6645 1 Joomla 1 Joomla 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
CVE-2007-6644 1 Joomla 1 Joomla 2024-11-21 6.5 MEDIUM N/A
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVE-2007-6643 1 Joomla 1 Joomla 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6642 1 Joomla 1 Joomla 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
CVE-2007-6272 1 Joomla 1 Joomla 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
CVE-2007-5457 2 Joomla, Michael Dempfle 2 Joomla, Joomla Flash Uploader 2024-11-21 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
CVE-2007-5451 2 Com Colorlab, Joomla 2 Com Colorlab, Joomla 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5427 1 Joomla 2 Com Search Component, Joomla 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
CVE-2007-5410 2 Joomla, Webmaster-tips 2 Joomla, Flash Rss Reader 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5389 2 Joomla, Swmenupro 2 Joomla, Swmenufree 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests
CVE-2007-5363 2 Joomla, Webmaster-tips 2 Joomla, Panoramic Picture Viewer 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5362 3 Ag-solutions, Joomla, Mambo 3 Mosmedia Lite, Joomla, Mambo 2024-11-21 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
CVE-2007-5310 2 Joomla, Webmaster-tips.net 2 Joomla, Flash Image Gallery 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-5309 2 Joomla, Webmaster-tips.net 2 Joomla, Flash Image Gallery 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5065 2 Joomla, Webmaster-tips 2 Joomla, Flash Slide Show 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-4781 1 Joomla 1 Joomla 2024-11-21 6.6 MEDIUM N/A
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
CVE-2007-4780 1 Joomla 1 Joomla 2024-11-21 6.8 MEDIUM N/A
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
CVE-2007-4779 1 Joomla 1 Joomla 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
CVE-2007-4778 1 Joomla 1 Joomla 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777.
CVE-2007-4777 1 Joomla 1 Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.